Is Your Small Business Vulnerable To A Dark Web Theft?

Your business’ most sensitive data, including customer information, is rife for theft by unscrupulous, anonymous actors on the dark web.

When it comes to theft at your place of
business, long gone are the days of having to worry only about employee shrinkage and a customer using a
stolen credit card.

Nowadays, there’s the dark web to keep you
awake at night. Personal information such as social security numbers, credit
card information, driver’s license and loyalty accounts, for example, are doing brisk
business on the dark web.

According to the consumer credit rating
agency, Experian, a social security number goes for $1. While that might seem
like chump change, if your store has hundreds, or even thousands of customers,
that could be a big pay day for a thief using the dark web. If your customer
data isn’t as secure as it should be, it wouldn’t be difficult for an anonymous
entity on the dark web to steal all your customer’s information in a New York
minute. And who better to know than Experian, which was hacked in 2015,
exposing the data of 15 million Americans.

If dark web forces can hack Experian and, more
recently, Equifax (in 2017, 143 million Americans’ data
was hacked), they probably can hack your business data. And even if you don’t
collect your customers’ social security numbers, other personal information is
even more valuable.

Experian, on its website lists the going rate
for personal information:

Login
information for payment services such as Paypal: $20-$200

Credit cards:
up to $110

Loyalty/Rewards
account info: $20

If you’re not sure if your data is secure,
it’s time to learn about the nefarious forces of the dark web….

What is
the Dark Web?

There are essentially 3 major entities of the
Internet. First, there’s the open web. Also called the “surface web”, the open
web is the part of the Internet that’s visible to the public. For example, any
search you perform on Google is part of the open or surface web.

The second entity of online activity is the
deep web. While “deep web” may sound as illicit as “dark web”, it’s usually
innocuous. Here’s an example: an employee of a hospital logging in to the
hospital’s portal to access the medical history of a patient. In short, the
deep web is accessed only with authorization.

The third part of Internet activity is the
dark web. Not everyone who uses the dark web is a personal information thief.
Nor is the dark web merely for the sale of weapons, drugs and other illicit
activity. However, illegal activity is a major component of the dark web.

That’s not to say that the dark web is itself
inherently evil. The technology of the dark web uses encryption, which offers
anonymity.

Perhaps at this point you’re wondering why
anybody who is totally law-abiding would require to surf the web anonymously?
The answer: protecting your data from being sold to the highest bidder.

Here’s an example: let’s say you want to
donate money to a political candidate online. If you do just that, it’s
possible your data could be sold to a political action committee or other group
affiliated with party politics. Consequently, you will start seeing lots of ads
in your social media feeds and YouTube. If that’s something a political donor
wants to avoid, he or she may use an “onion” (see below)….

Another example of the dark web not
necessarily being used for illegal activity is a good-intentioned
whistle-blower or journalist revealing corruption at a company (or within
government).

The
Onion Router (TOR)

People who use the dark web use a special
software called TOR, which stands for The Onion Router. Another software that
provides encryption is called I2P, or the Invisible Internet Project. To
completely understand how this software works requires a degree in computer
science. However, suffice to say that the software allows users to access
websites without their IP address getting traced.

Nonetheless, if you’re a business owner, it’s
most likely a question of when, not if, your customer data will be compromised.

Dark
Web Targets

If your business takes orders online, there’s
even more frightening news about the dark web to keep you up at night….

According to a global
real-time cyber threat intelligence provider, data breaches are
occurring more often during e-commerce transactions. The reason why is that
more in-store point of sale (POS) systems are using EMV technology. Otherwise
known as chip-card readers, EMV technology makes it more difficult for hackers
to steal credit card data and other personal identity information. (All the
more reason to switch to EMV technology if your store hasn’t
done so already.)

Thus, cyberthieves are turning more to
e-commerce databases. But it’s no longer only large institutions that are
vulnerable to cyber theft. Although hacking, say, an institutional bank, can be
lucrative for a cyber criminal, the larger the breach, the more alarms will be
set off, so to speak. In other words, there’s more of a risk of getting caught.
Therefore, unscrupulous dark web actors are targeting softer targets, i.e.
small businesses.

How can
you prevent dark web theft?
The first thing is to make sure your POS data is stored
securely. Contact
us today to find out how you can protect your customers’ data.